story-short-scan

Warn

Audited by Socket on May 22, 2026

2 alerts found:

Anomaly x2
Anomaly LOW
scripts/heiyan-booklist-scraper.js

This module is an authenticated automation script that logs in via an existing Chrome session by harvesting a sensitive Admin-Token cookie using CDP-evaluated JavaScript, then uses that token to call privileged management API endpoints and writes scraped results to a local Markdown file. No explicit malware/persistence/destructive actions are evident in this fragment; however, the credential-extraction pattern and dynamic code execution (evalJSON with string-built browser-side code) materially increase supply-chain security risk and would be unacceptable in many threat models. Risk severity is driven by token theft/misuse characteristics, not by overt exploitation or system compromise behavior in the shown code.

Confidence: 68%
Severity: 66%

Anomaly LOW
SKILL.md

The skill is mostly aligned with its stated market-scan purpose, but it reaches into a logged-in Chrome session to extract auth tokens and query a backend management API. That makes it higher-trust than a normal content-analysis skill; overall this looks suspicious/moderate-risk rather than clearly malicious because data appears to flow to official platform endpoints, not third-party collectors.

Confidence: 77%
Severity: 56%
Audit Metadata
Analyzed At: May 22, 2026, 08:56 AM
Package URL: pkg:socket/skills-sh/worldwonderer%2Foh-story-claudecode%2Fstory-short-scan%2F@55be6b6a9f6ad1d90277e27d3c6a9088e390826f
Security Audit — socket — story-short-scan